#elasticsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #elasticsecurity, aggregated by home.social.
-
Elastic response to blog ‘EDR 0-Day Vulnerability’
#ElasticSecurity
https://www.elastic.co/blog/elastic-response-edr-0-day-vulnerability-blog
-
I spent too much time banging my head against the wall getting #ElasticSecurity and #Kolide to run well on #immutable #Linux distros like #Fedora #SilverBlue
Here's the first article:
https://unfinished.bike/elastic-agent-on-fedora-silverblue
Linux distros are heading to where macOS is today: the root filesystem is mostly immutable, but not entirely. #ChromeOS arrived there a decade ago, but everyone seems to be moving in the same direction.
-
Question for Elasticsearch experts. Well, specifically, Elastic Security experts.
How do you cope with the fact that Elastic Security does not have traditional on-demand/scheduled AV scanning?
Companies often ask questions about AV scans in their vendor "security questionnaires" and I've never seen a good answer that explains why/how next-gen AV/EDR doesn't do "scanning."
What do you tell people? How do you get this past ancient regulatory requirements and/or companies who don't know what "EDR" means?
[Boosts appreciated. 🚀]
[Edit: I guess this is a question for anyone using any "next-gen av" or EDR like #Crowdstrike or #SentinelOne ]
#Cybersecurity #InformationSecurity #Elastic #Elasticsearch #ElasticSecurity #EndpointProtection #EDR
-
As we close out 2023,
Check ✅️ out my Elastic Advent Calendar entry "How to investigate a Malicious Alert for Threat Hunting in Elastic Security"
-
Join me for an Elastic Security Community virtual event. I will be giving a tech talk on my Journey Into Malware Research and Reverse Engineering.
Hope to see you there! 🤩🙌
Date: Thursday, October 19
Time: 8am PST/11am EST
#Elastic #ElasticSecurity #reverseengineering #malwareresearch #securityresearch #womenincyber #womenincybersecurity
Meetup link: https://www.meetup.com/elastic-united-states-and-canada-virtual/events/296510147/
Session will be recorded and shared on the YouTube Elastic Community page for those who are unable to attend.
-
3CX Breach Was a Double Supply Chain Compromise
https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/
#doublesupplychainbreach #Marc-EtienneM.Leveille #TradingTechnologies #Ne'er-Do-WellNews #ClearSkySecurity #ALittleSunshine #ElasticSecurity #LatestWarnings #TheComingStorm #ICONICSTEALER #DiamondSleet #KasperskyLab #PeterKalnai #supplychain #kimzetter #microsoft #Mandiant #X_Trader #zeroday #macOS #ESET #ZINC #3CX
-
My entry for the Elastic Advent Calendar 2022 is now available 🤩:
"How to build a cluster for Elastic Security: Best practices for creating and generating security data in Elastic Cloud"
Happy Holidays everyone! ❄️☃️😊
https://discuss.elastic.co/t/321832
#infosec #elasticsecurity #elastic #cloud #elasticcloud #elasticadventcalendar
-
Just added: YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows) https://hannahsuarez.github.io/2021/YAML_Lateral_Movement_Events_to_Monitor/
#security #cybersecurity #infosec #elasticsecurity #blueteam
-
YAML config based on the Palantir Windows Event Forwarding Guidance (can combine with a couple of YML configs, linked in that entry).
YMMV
#security #cybersecurity #infosec #elasticsecurity #blueteam
-
YAML configs for:
1. NSA Events to Monitor List https://hannahsuarez.github.io/2021/Winlogbeat_NSAEventstoMonitor/
2. Events from the Windows 10 and Windows Server 2016 Security auditing and monitoring reference https://hannahsuarez.github.io/2021/Windows_10_Windows_Server_2016_Security_auditing_monitoring_reference/
3. Exploit protection events based on attack surface reduction events https://hannahsuarez.github.io/2021/ExploitProtectionEvents/
And, which Windows auditing events require failure and success logging?
https://hannahsuarez.github.io/2021/WhichEventsNeedFailureSuccessLogging/
YMMV!
I have a few more to share next week.
#security #cybersecurity #infosec #elasticsecurity #blueteam